﻿<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@page pageEncoding="UTF-8"%>
<%@page contentType="text/html; charset=UTF-8"%>

    <!--
    Title: login.jsp

    Copyright (c) 2001-2011 BMC Software, Inc.
    All rights reserved.

    This software is the confidential and proprietary information of 
    BMC Software, Inc ("Confidential Information"). You shall not 
    disclose such Confidential Information and shall use it only in
    accordance with the terms of the license agreement between 
    you and BMC Software, Inc. 

    This is a generic ARSystem login page.  This page is accessed/displayed when:
    1.  User accesses AR form and have not logged in or is not a valid user on server where form resides.
    2.  User invokes login page directly with request parameters.
        These parameters allow user to specify the next page (html/jsp)
        to goto and which server to login to.  Syntax requires both parameters to be specified.
        <Usage>
        http://host/arsys/shared/login.jsp?goto=uri&server=name
        uri = absolute or relative from application context
        name = server name
    3.  User is redirected back to login page after initial login fails.

    This page can be customized for your specific site with the following exceptions:

    Form action must invoke the LoginServlet and method must be post.
       ACTION="<%=request.getContextPath()%>/servlet/LoginServlet"
       METHOD="post"

    REQUIRED PARAMETERS:
    username      = Request parameter specifying user name.
    pwd           = Request parameter specifying user password.

    OPTIONAL PARAMETERS - Although optional it is advised that these parameters not be removed.
    timezone  = Request parameter containing time zone information detected from the browser environment.
    auth      = Request parameter containing authentication string (ie: NT domain).

    arsys_login_name      = Session parameter returned with the user's name if an error occured during login.
    arsys_login_msg       = Session parameter returned containing a message if an error occurred during login.
    arsys_login_user_error = Session parameter indicating an incorrect username.
    arsys_login_password_error = Session parameter indicating an incorrect password
-->
<%
response.addHeader("Cache-Control", "no-cache");
%>

<%@ page import="com.remedy.arsys.share.MessageTranslation" %>
<%@ page import="com.remedy.arsys.config.Configuration" %>
<%@ page import="com.remedy.arsys.session.Params" %>
<%@ page import="com.remedy.arsys.session.HttpSessionKeys" %>
<%@ page import="com.remedy.arsys.session.Login" %>

<%//SW00319463 - XSS attack on IE via specific pattern: ";[JS script]//[more JS script]. Just strip URL params and re-route to login.jsp
//additional pattern - any upper-lower case variation of <script>
if (request.getQueryString() != null) {
    if (request.getQueryString().indexOf("//")!=-1 || request.getQueryString().toLowerCase().indexOf("<script>")!=-1) {
        response.sendRedirect(request.getContextPath() + Login.LOGIN_URL);
        return;
    }
}
%> 
<html>
  <head>
    <!-- common to all localized login pages -->
    <%@ include file="login_common.jsp" %>

<link rel="SHORTCUT ICON" href="<%=request.getContextPath() + "/resources/images/favicon.ico"%>"/>
    <title>福建省烟草信息化运维ITSM系统</title><!--;-->
    <style type="text/css">
        BODY {font-family:Tahoma,arial,helvetica,verdana; background:url(images/bg.gif) #b0d4ea top left repeat-x; color:#333;}
        .wrapper { margin:0 auto; width:811px; margin-top:180px;}
        .main_left { float:left; width:308px; height:278px; background:url(images/ITSM_left_bg.png) top left no-repeat;}
        .main_right { float:left; width:503px; height:278px; background:url(images/ITSM_right_bg.png) top left no-repeat;}
        .login { padding:100px 0px 0px 40px; color:#fff; font-weight:bold;}
        .login td { line-height:30px; padding-top:5px;padding-right:5px;}
        .styletext { border:1px #5e656a solid; height:20px;width:150px;}
        .Button1 { width:56px; height:26px; background:url(images/button1.jpg); line-height:18px; font-size:12px; border:0px; cursor:pointer;}
    </style>


  </head>
  
<%
//SW00293926: curent user not log out but go directly to login.jsp and logs in as another user.
//so we clear out previous credentials. NOTE: the credentials is set for re-use to save costly 
//authenticator from retrieving unnecessarily in an SSO env.
if (session.getAttribute(HttpSessionKeys.USER_CREDENTIALS)!=null)
    session.removeAttribute(HttpSessionKeys.USER_CREDENTIALS);
%>

<body onLoad="initLogin();" topmargin="0" leftmargin="0" rightmargin="0" bottommargin="0" >
<form name="loginForm" METHOD="post" ACTION="<%=request.getContextPath()%>/servlet/LoginServlet" enctype="x-www-form-encoded">
<div class="wrapper">
<div class="main_left"></div>
<div class="main_right">
    <div class="login">
        <table border="0" cellpadding="0" cellspacing="0"><tbody>
	


            <tr><td id="LoginLabel-id">用户名</td><td>
<input name="<%=Params.USERNAME%>" maxlength="<%=Params.USERNAME_LENGTH%>" id="username-id" value="<%=com.remedy.arsys.share.HTMLWriter.escape(name)%>" class="styletext ui-icons" size="30" type="text">
</td></tr>
            <tr><td id="PasswordLabel-id">密&nbsp;&nbsp;&nbsp;码</td><td>
<input name="<%=Params.PASSWORD%>" maxlength="<%=Params.PASSWORD_LENGTH%>" id="pwd-id" class="styletext ui-icons" size="30" type="password">
<input type="hidden" NAME="<%=Params.AUTHENTICATION_STRING%>" id="auth-id" maxlength="<%=Params.AUTHENTICATION_STRING_LENGTH%>" class="loginfield" size="30">
</td></tr>
            <tr><td></td><td>
                <input class="Button1" name="login" id="" title="登录" value="登录" type="button" onClick="doLogin();" /> 
                <input class="Button1" name="clear" id="" title="取消" value="取消" type="button" onClick="clearLogin();"/>
            </td></tr>
<tr><td class="login" nowrap="nowrap" width="20">&nbsp;</td>
	<td class="LoginError" nowrap="nowrap" colspan="2" id="LoginMsg-id" style="display:none">&nbsp;</td></tr>

		<tr>
								<td class="login" nowrap="nowrap" width="20">&nbsp;</td>
								<td class="login" colspan="2" nowrap="nowrap">
								</td>
							</tr>
        </tbody></table>
    </div>
<input type="hidden" name="<%=Params.TIMEZONE%>" value="">
<input type="hidden" name="<%=Params.PASSWORD_ENCRYPTED%>" value="1">
<input type="hidden" name="<%=Params.GOTO_URL%>" value="<%=com.remedy.arsys.share.HTMLWriter.escape(nextPage)%>" >
<input type="hidden" name="<%=Params.SERVER%>" value="<%=com.remedy.arsys.share.HTMLWriter.escape(server)%>" >
<input type="hidden" name="<%=Params.IP_OVERRIDE%>" value="0">
<input type="hidden" name="initialState" value="-1">
<input type="hidden" name="<%=HttpSessionKeys.TARGET_URL%>" value="">
</div>
</div>
</form>


<!--
<table border="0" cellpadding="0" cellspacing="0" height="100%" width="100%">
	<tbody><tr>
		<td valign="top">
		<table border="0" cellpadding="20" cellspacing="0" width="100%">
			<tbody><tr>
				<td bgcolor="#ffffff" width="100%">
					<table border="0" cellpadding="20" cellspacing="0" width="100%">
					<tbody><tr>
						<td valign="bottom">
						<p class="product">BMC Remedy Action Request System</p>
						</td>
						<td align="right" valign="bottom">
							<img src="<%=logo_img%>" width="136" height="31" alt="BMC logo" border="0"> 
						</td>
					</tr>
					</tbody></table>
				</td>
			</tr>
		</tbody></table>
		<table border="0" cellpadding="0" cellspacing="0" width="100%">
			<tbody><tr>
				<td width="483">
				<img src="<%=login_img%>" border="0" height="190" width="484"></td>
				<td bgcolor="#0069a5">
					<table cellpadding="2" cellspacing="0" width="340">
						<form name="loginForm" METHOD="post"
							ACTION="<%=request.getContextPath()%>/servlet/LoginServlet"
								enctype="x-www-form-encoded">
							<tbody>
							<tr>
								<td class="login" nowrap="nowrap" width="20">&nbsp;</td>
								<td class="LoginError" nowrap="nowrap" colspan="2" id="LoginMsg-id">&nbsp;</td>
							</tr>
							<tr>
								<td class="login" nowrap="nowrap" width="20">&nbsp;</td>
								<td class="login" colspan="2" nowrap="nowrap">
								<p class="subhead"><%=MessageTranslation.getLocalizedText(locale,"Please log in.")%></p>
								</td>
							</tr>
							<tr>
								<td class="login" nowrap="nowrap" width="20" >&nbsp;</td>
								<td class="login" nowrap="nowrap" id="LoginLabel-id">
									<b><label for="username-id"><%=MessageTranslation.getLocalizedText(locale,"User Name")%></label></b>
								</td>
								<td>
								<input name="<%=Params.USERNAME%>" maxlength="<%=Params.USERNAME_LENGTH%>" id="username-id" value="<%=com.remedy.arsys.share.HTMLWriter.escape(name)%>" class="loginfield" size="30" type="text">
								</td>
							</tr>
							<tr>
								<td class="login" nowrap="nowrap" width="20">&nbsp;</td>
								<td class="login" id="PasswordLabel-id" nowrap="nowrap">
									<label for="pwd-id"><%=MessageTranslation.getLocalizedText(locale,"Password")%></label>
								</td>
								<td>
								<input name="<%=Params.PASSWORD%>" maxlength="<%=Params.PASSWORD_LENGTH%>" id="pwd-id" class="loginfield" size="30" type="password">
								</td>
							</tr>
							<tr>
								<td class="Login" nowrap="nowrap" width="20">&nbsp;</td>
								<td class="Login" name="auth_label" nowrap="nowrap">
									<label for="auth-id"><%=MessageTranslation.getLocalizedText(locale,"Authentication")%></label>
								</td>
								<td><input type="text" NAME="<%=Params.AUTHENTICATION_STRING%>" id="auth-id" maxlength="<%=Params.AUTHENTICATION_STRING_LENGTH%>" class="loginfield" size="30"></td>
							</tr>
							<tr>
								<td class="Login" nowrap="nowrap" width="20">&nbsp;</td>
								<td class="loginfield" nowrap="nowrap">&nbsp;</td>
								<td>
									<input type="button" name="login" value="<%=MessageTranslation.getLocalizedText(locale, "Log In")%>" onClick="doLogin();">&nbsp;
									<input type="button" name="clear" value="<%=MessageTranslation.getLocalizedText(locale, "Clear")%>" onClick="clearLogin();">
								</td>
							</tr>
							<tr>
								<td class="Login" nowrap="nowrap">&nbsp;</td>
								<td class="Login" nowrap="nowrap">&nbsp;</td>
								<td>
									<input type="hidden" name="<%=Params.TIMEZONE%>" value="">
									<input type="hidden" name="<%=Params.PASSWORD_ENCRYPTED%>" value="1">
									<input type="hidden" name="<%=Params.GOTO_URL%>" value="<%=com.remedy.arsys.share.HTMLWriter.escape(nextPage)%>" >
									<input type="hidden" name="<%=Params.SERVER%>" value="<%=com.remedy.arsys.share.HTMLWriter.escape(server)%>" >
									<input type="hidden" name="<%=Params.IP_OVERRIDE%>" value="0">
									<input type="hidden" name="initialState" value="-1">
									<input type="hidden" name="<%=HttpSessionKeys.TARGET_URL%>" value="">
								</td>
							</tr>
						
					</tbody>
					</form>
					</table>
					</td>
				</tr>
			</tbody></table>
		<div id="alertArea" align="left" style="display:none">
			<table border="0" cellpadding="20" cellspacing="0" width="100%">
				<tr>
					<td width="100%" class="warning">
						<font size="4" color="red"><%=MessageTranslation.getLocalizedText(locale,"Warning")%></font>
						<ul id="errList">
						</ul>
					</td>
				</tr>
			</table>
		</div>
		<div align="center">
		<table border="0" cellpadding="20" cellspacing="0" width="100%" id="table1">
			<tr>
				<td width="100%"><% if(iframeurl != null) {%>
					<iframe src="<%=iframeurl%>"></iframe>
					<%}%>
				</td>
			</tr>
		</table>
		</div>
		<p>&nbsp;</p>
		</td>
	</tr>
	<tr>
		<td valign="bottom">
		<table border="0" cellpadding="10" cellspacing="0" width="100%">
		
			<tbody><tr>
				<td bgcolor="#e8e8e1">
				<table border="0" cellpadding="0" cellspacing="0" width="100%">
					<tbody><tr>
						<td width="30">&nbsp;</td>
						<td>
						<p class="caption"><%=MessageTranslation.getLocalizedText(locale,"&#xa9; 2011 BMC Software, Inc. All rights reserved.")%></p>
						</td>
					</tr>
				</tbody></table>
				</td>
			</tr>
		</tbody></table>
		</td>
	</tr>
</tbody></table>
-->

</body>
</html>
